Project

General

Profile

Actions

Feature #29405

open

Support header Content Security Policy

Added by Ludovic Andrieux over 6 years ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

Hi,

According Google, this a basic Content Security Policy.

Content-Security-Policy: default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'

Redmine crash with it because there is some call to eval in javascript in some pages.

Regards,
Ludovic


Files

2018-08-18_142722.png (76.2 KB) 2018-08-18_142722.png Ludovic Andrieux, 2018-08-18 14:30
clipboard-202307031747-pojyg.png (62.8 KB) clipboard-202307031747-pojyg.png Popa Marius, 2023-07-03 16:47
clipboard-202307031749-tbv3n.png (14.8 KB) clipboard-202307031749-tbv3n.png Popa Marius, 2023-07-03 16:48
clipboard-202307051048-oevyb.png (30.5 KB) clipboard-202307051048-oevyb.png Popa Marius, 2023-07-05 09:48
Actions

Also available in: Atom PDF